Lucene search
K

21 matches found

Qualys Blog
Qualys Blog
added 2026/06/04 9:17 p.m.17 views

From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation

In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build something that did not exist, and what it took to make it real. Turning an operating model into a product sounds straightforward until you ar...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 4:29 p.m.7 views

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute , hundreds of applications within the typical enterprise...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 11:0 a.m.9 views

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It's where 85% of modern work now happens. It's also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices crea...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/02 12:0 a.m.4 views

Securing Agentic AI: a Comprehensive Threat Model and Mitigation Framework for Generative AI Agents

As generative AI GenAI agents become more common in enterprise settings, they introduce security challenges that differ significantly from those posed by traditional systems. These agents are not just LLMs; they reason, remember, and act, often with minimal human oversight. This paper introduces ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/01 12:8 p.m.17 views

NIST Cybersecurity Framework 2.0

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/11/16 6:26 p.m.21 views

Manage Enterprise Risk at Scale with a Unified, Holistic Approach

The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage. Historically, many firms faced this challenge simply by purchasing more technology in the hopes that the latest threat protection software would keep...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/02 11:4 a.m.12 views

New SEC Rules around Cybersecurity Incident Disclosures

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: 1. Public companies must "disclose any cybersecurity incident they determine to be material" within four days, with potential delays if there is a national...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/11/09 4:1 p.m.20 views

The New Frontier of Enterprise Risk: Nth Parties

By Ran Nahmias, Co-Founder and CBO, Cyberpion The concept of risk in enterprise IT is constantly evolving. And considering recent findings, it’s clear that there’s a risk frontier that’s been underestimated – Nth party risk. Traditional enterprise risk management has focused on two domains:...

7.4AI score
Exploits0References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/09/28 8:0 p.m.27 views

How nation-state attackers like NOBELIUM are changing cybersecurity

This is the first post in a four-part series on the NOBELIUM nation-state cyberattack. Microsoft started telling the industry about this extremely advanced cyberattack in December 2020. The NOBELIUM blog series—which mirrors Microsoft’s four-part video series “Decoding NOBELIUM”—will pull the...

0.1AI score
Exploits0
CNVD
CNVD
added 2021/05/12 12:0 a.m.8 views

Unspecified Vulnerability in IBM OpenPages GRC Platform

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

4.3CVSS6.2AI score0.00982EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/01 12:0 a.m.7 views

Archer Path Disclosure Vulnerability

RSA Archer is the GRC Enterprise Risk Management Suite. A path disclosure vulnerability exists in Archer versions prior to 6.8 P2. An attacker could exploit this vulnerability to obtain sensitive information that could be used to launch further attacks...

4.3CVSS6AI score0.00537EPSS
Exploits0References1
The Coalfire Blog
The Coalfire Blog
added 2020/05/26 3:56 p.m.15 views

Establishing risk appetite is key to effective risk management

The mission of an enterprise risk management program is to respond to and monitor risks to the enterprises operations and objectives. In order to properly respond to and monitor risks, the enterprise must establish risk appetite thresholds. Well-established and well-communicated risk appetite...

2.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/03/07 12:53 p.m.109 views

RSA Conference 2019: NIST's Privacy Framework Starts to Take Shape

Data privacy has been thrust into the limelight with the passage of the General Data Protection Regulation in Europe last year and a string of high-profile consumer privacy snafus. The National Institute of Standards and Technology has plans to help companies address data privacy with the...

6.7AI score
Exploits0References4
Qualys Blog
Qualys Blog
added 2018/11/17 12:11 a.m.67 views

QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches

Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable...

7.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/03/08 2:0 p.m.50 views

2017’s Biggest Threats and What CISOs Can do to Mitigate Risks in 2018

Enterprise Risk Management ERM is getting harder every day. According to the World Economic Forum‘s 2018 Global Risks Perception Survey, cyber attacks and data theft are 3 and 4 respectively of the top 5 likely risks organizations will face this year. This is not surprising, in 2017 CISOs the wor...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/09/26 3:30 p.m.12 views

Building a Security Risk Management Program

The frequency of data breaches today highlights the need to peel back the onion on security programs and identify a laser-focused mission and ultimate goal. As a compliance manager, I know the horror stories first hand. Let’s take a deeper dive into security and risk management basics to enable...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.36 views

SimpleRisk 20130915-01 - Multiple Vulnerabilities

No description provided by source. 1. Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-...

6.8CVSS6.5AI score0.01987EPSS
Exploits7
ThreatPost
ThreatPost
added 2013/04/18 11:11 a.m.83 views

Move Over Conficker, Web Threats are Top Enterprise Risk

Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is...

9.3CVSS0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2012/06/27 2:12 p.m.19 views

Experts Say Attack on Crypto Tokens is Serious, But Not Catastrophic

A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say tha...

6.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2009/03/26 6:52 p.m.9 views

Web site security needs a strategy

Someone begins watching a basketball game and asks who is winning. You might helpfully answer, “Lakers up 76 to 64.” Imagine if instead you said, “The Lakers are 60% from the field, have 12 rebounds, are 8 of 10 from the line, and the average height of the starting lineup is 6’7.” Sure, these are...

7.6AI score
Exploits0References20
Rows per page
Query Builder